Re: Why does Debian allow all incoming traffic by default

On Mon, Sep 24, 2018 at 07:39:59PM +0100, Jonathan Dowland wrote:
> On Fri, Sep 21, 2018 at 08:55:21AM -0400, Henning Follmann wrote:
> > Run a netstat -t -l and you will see there is nothing listening. So
> > what is the point of running a firewall?
>
> There's plenty of reasons to run a firewall even if you think you are
> not running any services. You may be mistaken; a service may be started
> without your knowledge, either in error or as an unintended consequence
> of something you have done (install/run another piece of software); or,
> a third party may have acquired access to your machine in some way and
> attempted to run a backdoor process to listen for incoming connections.
>
And there are also reasons not to install by default one. And this is what
the OP was about. The default is to not install listening services a thus
no need for a firewall. Any default firewall would then force
maintainers of packages to test for the default firewall and if present
inject a default rule to make the service available. Otherwise you will
have endless rants about "why is my ssh not working.." etc.
-H
--
Henning Follmann | hfollmann@xxxxxxxxxxxxxxx